LibJS: Fix UB in Math.clz32

If the argument to this function is greater then or equal to 2^32, the `double` => `u32` cast produces undefined behavior, which Clang catches. To fix this, we now use `ToUint32` for getting the integer argument, as specified by ECMA-262.
Author: https://github.com/BertalanD Commit: https://github.com/SerenityOS/serenity/commit/fd76e71934a Pull-request: https://github.com/SerenityOS/serenity/pull/8718 Issue: https://github.com/SerenityOS/serenity/issues/363 Reviewed-by: https://github.com/gunnarbeutner ✅ Reviewed-by: https://github.com/nico
2024-12-11 17:00:37 +00:00 · 2021-08-06 18:35:05 +02:00 · 2021-08-06 18:35:05 +02:00 · fd76e71934 · 2024-07-18 07:15:34 +09:00
commit fd76e71934
parent 5d32f543ec
1 changed files with 3 additions and 3 deletions
--- a/Userland/Libraries/LibJS/Runtime/MathObject.cpp
+++ b/Userland/Libraries/LibJS/Runtime/MathObject.cpp
@ -341,12 +341,12 @@ JS_DEFINE_NATIVE_FUNCTION(MathObject::sign)
 // 21.3.2.11 Math.clz32 ( x ), https://tc39.es/ecma262/#sec-math.clz32
 JS_DEFINE_NATIVE_FUNCTION(MathObject::clz32)
 {
-    auto number = vm.argument(0).to_number(global_object);
+    auto number = vm.argument(0).to_u32(global_object);
    if (vm.exception())
        return {};
-    if (!number.is_finite_number() || (unsigned)number.as_double() == 0)
+    if (number == 0)
        return Value(32);
-    return Value(__builtin_clz((unsigned)number.as_double()));
+    return Value(__builtin_clz(number));
 }

 // 21.3.2.2 Math.acos ( x ), https://tc39.es/ecma262/#sec-math.acos